Cabinet Office government-by-Facebook plans probed
'Get the ICO in,' advises 'Recipe for ripoffs' report
What you need to know about cloud backup
MPs have called on the government to work with the Information Commissioner on how to implement the Cabinet Office's personal data proposals, which include the possibility of farming out its ID-handling to third parties such as banks and Facebook.
The Public Administration Select Committee's report entitled Government and IT - 'a recipe for rip-offs': time for a new approach was published this morning.
Among other things it recommended that the government should work on its grand plans in cooperation with the UK's data watchdog.
"Giving control of personal data to the individual has the potential to improve data quality while reducing both costs and risks. Individuals are used to controlling their own data with private sector companies, such as Amazon and with utility companies," reads the report.
"Moving to a model where the citizen maintains their own personal data with an independent, trusted provider and then can choose whether to authorise the sharing of that information with other organisations is an ambitious vision that will need to be trialled extensively."
As we exclusively reported in June, the Cabinet Office has been in talks with Facebook and other social networks about how those platforms could be used by British citizens to sign into public services online.
A so-called "ID assurance" prototype is expected in October this year. However, the report struck a cautionary note about Francis Maude's department proceeding with such a plan.
"We also recognise that there may be legal constraints and concerns about privacy which could act as a barrier to implementing such a radical reform," said the MPs.
"We therefore recommend that the government, working with the Information Commissioner, review potential barriers to the personal data model and explore the ways in which this model could best be developed.
"We welcome the work being done to create an integrated identity assurance trust model for simplifying access to government services. We suggest that government consider integrating this work with the personal data model. This could represent an important step, placing responsibility and control of personal data with citizens in their interactions with public and other online services."
Facebook, as part of evidence submitted to the committee of MPs, offered its "expertise" on open platforms, even though none other than Tim Berners Lee has previously argued against the notion that the dominant social network is into the sharing data game.
"The majority of applications on Facebook are not designed by its employees but by independent developers whose applications integrate with Facebook’s core services.
"This open platform model provides an interesting insight into how future government services might operate better: enabling government information and services to be provided to citizens where and when they need them."
But such a suggestion has already been greeted with concern by privacy advocates, who are worried that the Cabinet Office has simply found a creative way of building an ID database via third parties, thereby offloading the burden wholesale onto the private sector.
Maude has cast these ID assurance plans as a way of cutting duplication and thus saving money for the public purse.
The first public services earmarked for testing of the system include the Department for Work and Pension’s universal credits, NHS HealthSpace, HMRC’s one click programmes and the Skills Funding Agency.
The Cabinet Office has ambitious plans to fully implement the scheme by August next year. Whether the Information Commissioner will advise a block on such "radical reform" remains to be seen, however. ®
COMMENTS
No
To state what should be obvious: British citizens should not have to store sensitive data in countries outside the jurisdiction of the Data Protection Act, just to access UK public services.
Whoever proposed this must be insane.
Oh the quotes, such gems, they hurt.
"Moving to a model where the citizen maintains their own personal data with an independent, trusted provider and then can choose whether to authorise the sharing of that information with other organisations is an ambitious vision that will need to be trialled extensively."
Sure guv. Who owns that data then?
Not me, not you, but an overseas multinational. So I get my account suspended for some canard or other, so aptly demonstrated by google+ and facebook earlier. So I suddenly cease to exist for the government. Who'm I gonna call?
The ease by which this "trust" is bestowed onto this unknown third party (as we all know, all the usual suspects are not in any way trustworthy and have no incentive to become so) is frightening. Not unusual as neither is the fact the people concocting this scheme haven't a clue, but frightening nonetheless.
"Maude has cast these ID assurance plans as a way of cutting duplication and thus saving money for the public purse."
So you do suppose facebook and google+, and heck bebo, myspace, beautiful people, orkut, qq, and whoever else is out there, have become best pals and share data now?
It's not "cutting duplication", it's "out of sight, out of mind, for the government". But that still means they're not doing their job. I'd hardly call that "radical reform" to be honest.
To provide to the people an assurance platform that can deal with anonymity, pseudonymity, realnameity, pennameity, and so on, and so forth, and that the others can plug into without also taking ownership of the data, that would be radical and new and useful. Government grade assurance while the citizen keeps ownership and fine-grained control as to who has access to the data. And while at it, can enforce all verifications be mutual so that the verificee knows the verificator had in fact a right to do this and gets to keep a log of what when actually happened. That puts the means next to the incentive to see who's meddling with the data and ought to cut back on abuse some.
But all that'd require real innovation, academic research even. The government is too short bus and not enough brilliant to provide real radical reform to the people. We knew all that already, but it deserves to be said regardless. For the cabinet office, it so clearly is devoid of clues again. Carry on government.
You have GOT to be bloody kidding?
First para, and already my jaw is on the floor... "ID-handling to third parties such as banks and Facebook"
banks? OK, yeah, I follow the thinking, the Germans use (or at least did a while back, dunno about now) banks to issue ID cards so that's not too much of a stretch. But bloody FACEBOOK?!?!?!
So much for infosec then.
Might as well dump all my personally identifiable info, old passportss, credit history, everything, into a bin, park it outside my home, and stick a sign on it saying "ID Thieves, look here first".
More bloody cloud cuukoo land thinking from the Hot Air Housing Project.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
